Popular encrypted e-mail standards unsafe

Users should for now switch to non-e-mail-based secure messaging apps for sensitive communications.

European researchers have found that the popular PGP and S/MIME e-mail encryption standards are vulnerable to being hacked and they urge users to disable and uninstall them immediately.


University researchers from Muenster and Bochum in Germany, and Leuven in Belgium, discovered the flaws in the encryption methods that can be used with popular e-mail applications such as Microsoft Outlook and Apple Mail.

"There are currently no reliable fixes for the vulnerability," lead researcher Sebastian Schinzel, professor of applied cryptography at the Muenster University of Applied Sciences, said yesterday.

"If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your e-mail client for now."

The team had been due to publish its full findings on Tuesday but rushed them out after the news made waves among the community of encrypted e-mail users that includes activists, whistleblowers and journalists working in hostile environments.

Titling the exploit 'Efail', they wrote that they had found two ways in which hackers could effectively coerce an e-mail client into sending the full plaintext of messages to the attacker.

There's no immediate suggestion that spy agencies or state-sponsored hackers have already used the technique to burrow into people's e-mails.

The researchers have informed e-mail providers of their findings, under so-called responsible disclosure, and it now falls to others to establish whether the exploits can be replicated.

Direct exfiltration

In the first exploit, hackers can 'exfiltrate' e-mails in plaintext by exploiting a weakness inherent in hypertext markup language (HTML), which is used in Web design and in formatting e-mails.

Apple Mail, iOS Mail and Mozilla Thunderbird are all vulnerable to direct exfiltration, they said.

A second attack takes advantage of flaws in OpenPGP and S/MIME to inject malicious text that in turn makes it possible to steal the plaintext of encrypted e-mails.

The vulnerabilities in PGP and S/MIME standards pose an immediate risk to e-mail communication, including the potential exposure of the contents of past messages, said the Electronic Frontier Foundation (EFF), a US digital rights group.

In a blog post, the EFF recommended that PGP users uninstall or disable their PGP e-mail plug-ins while the research community evaluates the seriousness of the flaws reported by the European research team.

It also said users should switch for the time being to non-e-mail-based secure messaging apps such as Signal for sensitive communications.

Germany's Federal Office for Information Security (BSI) said in a statement there were risks that attackers could secure access to e-mails in plaintext once the recipient had decrypted them.

It added, however, that it considered the encryption standards themselves to be safe if correctly implemented and configured.

"Securely encrypted e-mail remains an important and suitable means of increasing information security," it said in a statement, adding that the flaws which have been discovered can be remedied through patches and proper use.

PGP (Pretty Good Privacy) was invented in 1991 by Phil Zimmermann and has long been viewed as a secure form of end-to-end encryption impossible for outsiders to access. Zimmermann is co-founder and chief scientist of Silent Circle, an encrypted communications firm.

PGP has in the past been endorsed, among others, by Edward Snowden, who blew the whistle on pervasive electronic surveillance at the US National Security Agency before fleeing to Russia.

PGP works using an algorithm to generate a 'hash', or mathematical summary, of a user's name and other information. This is then encrypted with the sender's private 'key' and decrypted by the receiver using a separate public key.

To exploit the weakness, a hacker would need to have access to an e-mail server or the mailbox of a recipient. In addition, the mails would need to be in HTML format and have active links to external content to be vulnerable, the BSI said.

It advised users to disable the use of active content, such as HTML code and outside links, and to secure their e-mail servers against external access.
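The precondition the BSI describes, HTML mail whose active content fetches external resources when rendered, is the channel a mail client can close on its own side. As an added example, not code from the researchers, the BSI or any mail client, the Python filter below strips render-time remote loads from a decrypted HTML part before it is displayed; the attribute list, the scheme allow-list and the sample message are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes a client may fetch at render time, without any user click (assumed list).
REMOTE_ATTRS = {"src", "srcset", "background", "poster", "data", "action"}
# Inline data and message-internal (cid:) references stay; any other scheme is dropped.
SAFE_SCHEMES = {"", "cid", "data"}


class RemoteContentFilter(HTMLParser):
    """Re-emits the HTML minus attributes that would trigger a remote fetch."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.blocked = [], []   # blocked: removed values, for logging

    def _emit(self, tag, attrs, selfclosing):
        parts = [tag]
        for name, value in attrs:
            key = name.lower()
            if value is not None and key in REMOTE_ATTRS and (
                    urlparse(value.strip()).scheme.lower() not in SAFE_SCHEMES):
                self.blocked.append(value)          # e.g. <img src="https://...">
            elif key == "style" and value and "url(" in value.lower():
                self.blocked.append(value)          # CSS url() also fetches
            else:
                parts.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(parts) + (" />" if selfclosing else ">"))

    def handle_starttag(self, tag, attrs): self._emit(tag, attrs, False)
    def handle_startendtag(self, tag, attrs): self._emit(tag, attrs, True)
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")


def strip_remote_content(body):
    """Return (sanitised_html, blocked_values) for a decrypted HTML part."""
    f = RemoteContentFilter()
    f.feed(body)
    f.close()
    return "".join(f.out), f.blocked


# Constructed sample: a decrypted HTML part with a remote image, an inline (cid:)
# image and a plain link. Only the render-time remote fetch is removed.
SAMPLE = ('<p>Hi &amp; welcome</p><img src="https://example.invalid/p.png">'
          '<img src="cid:logo@mail"><a href="https://example.invalid/">x</a>')
```

Plain `href` links are kept because they need a click; the filter targets loads the client would perform automatically on display.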